No product data in the document (PDF) #2451

Open
netzarbeiter opened this issue May 11, 2023 · 4 comments

@netzarbeiter
Member

If you have an attribute of the type "Text field" which is defined by your customer, the following problem can show up.

The customer inserts a special character (e.g. von <0.05% = n.d.) in the text field.

The special characters are output and understood by TCPDF as HTML characters.

Therefore the product data is not output in the document.

Go to the iso_collection_invoice.html5 template:

Replace the following code

    <?= $this->attributeValue($name, $value, ['html'=>true, 'item'=>$item['item']]) ?>

with

    <?= htmlentities($this->attributeValue($name, $value, ['html'=>true, 'item'=>$item['item']])) ?>

@aschempp
Member

Not sure how we can generally resolve that. If the attribute would be a back end field with tinyMCE, we would need to allow HTML. @Toflar @qzminski maybe we could only apply this automatically to front end fields? I assume they must never allow HTML, wdyt?

@Toflar
Member

Toflar commented Jun 1, 2023

Allowing HTML in a PDF can be dangerous. I guess you could do all sorts of funny stuff within a PDF. I think it should be the other way around: HTML should always be encoded in the PDF and only raw if you really want it (which - to be honest, you shouldn't do on FE user input - unless the attribute value is sanitized and only allows safe tags and attributes).

Not sure if this can be resolved. The administrator is the only one that knows the contents of the attributes. So I guess this will be sort of "solved" automatically once you switch to Twig. You will have to add |raw wherever you want the HTML to be interpreted as such.

@aschempp
Member

aschempp commented Jun 6, 2023

It has nothing to do with HTML… even if the field contains valid HTML, TCPDF would still incorrectly interpret a <5 (lower than X) sign.

@ThomasKettner

We are facing the same issue with a textarea field.

      <?php foreach($item['options'] as $option): ?>
        <?php echo htmlentities($option['value']); ?> 
      <?php endforeach; ?>

So we added htmlentities to the options array output.
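
The approach discussed in this thread (encode attribute values by default, let raw HTML through only via an allow-list), as an added example that is not code from Isotope, TCPDF or any commenter. The function name `pdfHtml` and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of Isotope or TCPDF): prepare a value for an
 * HTML-to-PDF template. Everything is encoded by default; raw markup is an
 * explicit opt-in limited to attribute-free tags listed in $allowedTags.
 */
function pdfHtml(string $value, array $allowedTags = []): string
{
    // Encode first, so "<0.05%" or "<5" can never open a tag in the PDF writer.
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    if ($allowedTags === []) {
        return $encoded;
    }

    // Re-enable only exact, attribute-free tags such as <b>, </b> or <br>.
    // Anything carrying attributes (href, style, on*) stays encoded.
    // Tags are not balanced here; that is left to the consumer.
    $names = implode('|', array_map(
        static fn (string $tag): string => preg_quote($tag, '~'),
        $allowedTags
    ));

    // Fall back to the fully encoded string if the regex engine reports an error.
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $encoded) ?? $encoded;
}

// Constructed sample values, modelled on the ones quoted in this thread.
$samples = [
    ['von <0.05% = n.d.', []],
    ['<b>pH</b> <5 <script>x</script>', ['b', 'br']],
    ['<a href="https://example.invalid">link</a>', ['b', 'br']],
];

foreach ($samples as [$value, $allowed]) {
    echo pdfHtml($value, $allowed), PHP_EOL;
}
```

Encoding before allow-listing avoids `strip_tags()`, which treats a `<` followed directly by a non-whitespace character as the start of a tag and would drop the rest of a value like the first sample.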
